
CAPTCHA - How to Prevent Robot or Digital Entry on a Form which Could Lead to Causing Damages to Data

26 Jun 2023 | CPOL | 1 min read
This snippet on Google reCAPTCHA usage and integration will help you when you want to use Google CAPTCHA in your project.

Introduction

This simple snippet shows how I have used Google reCAPTCHA in my login form. The form submission is not accepted until it has been verified that the user is a human and not a robot.

Using the Code

To begin, go to this link to get your reCAPTCHA keys. After you have completed the registration and now have the keys, follow the guide below.

The two keys needed are the Secret key and data-sitekey.

  1. Within your PHP tag, set your variable ($secretKey) to the secret key string obtained from the Google key generation page.
  2. Check the form request method ($_SERVER['REQUEST_METHOD']=='POST') to detect when the form is submitted, just as in the code section.
  3. Thirdly, within your form tag, display the CAPTCHA using the data-sitekey with the g-recaptcha class, as seen in the code section.

This tip content was mostly copied from: 

PHP
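<?php
session_start();

// A user who is already logged in has nothing to verify.
if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true) {
    // Redirect to your application's landing page here.
    exit;
}

// Secret key from the reCAPTCHA key generation page. It must stay on the
// server: never send it to the browser or commit it to a public repository.
$secretKey = "6LeRwsklAAAAAJaFVyT1UJUDZnsZCFFVk7Q_uFJQ";

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Section to validate the reCAPTCHA entry during form submission
    $verified = false;

    if (!empty($_POST['g-recaptcha-response'])) {
        $response = $_POST['g-recaptcha-response'];

        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
        // Keep TLS certificate verification on: this request carries the secret key.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, array(
            'secret'   => $secretKey,
            'response' => $response,
            'remoteip' => $_SERVER['REMOTE_ADDR']
        ));

        // curl_exec() returns false on a network error; treat that as a failed check.
        $body = curl_exec($ch);
        curl_close($ch);
        $message = is_string($body) ? json_decode($body) : null;

        $verified = is_object($message) && isset($message->success)
                    && $message->success === true;
    }

    if ($verified) {
        // test_input() and login() are the application's own functions, defined elsewhere.
        $username = test_input($_POST['username']);
        $password = test_input($_POST['password']);
        login($username, $password);
    } else {
        // Reached when the token is missing, rejected by Google, or could not be checked.
        echo '<script>alert("The Captcha verification did not work")</script>';
    }
}
?>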

<!DOCTYPE html>

<html lang="en">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title></title>
<!-- Loads the reCAPTCHA widget that renders inside the g-recaptcha div -->
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head>
<body>

<form id="form-send-money" method="post" autocomplete="off"
      action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" >
     <label>Enter Username(email address)</label>
     <input type="text" name="username" class="form-control" required />
     <br />
     <label>Enter Password</label>
     <input type="password" name="password" class="form-control" required />
     <br />
     <div class="g-recaptcha" data-sitekey="6LeRw555AAAAAGO5555JYkWVTZdF"></div>

     <div>  <input type="submit" name="login" value="Login"
             class="btn btn-primary btn-block" />
     </div>
     </form>
</body>
</html>

Points of Interest

It is very important to understand that, until the CAPTCHA has been completed, the form submission is never accepted: the server-side check against siteverify fails and the login is not attempted. This is its way of checking that no script/robot is doing the form submission.

After several logins or invalid logins, the Google CAPTCHA is able to present other types of hurdles to further check that it is not a robot trying to submit. This is mostly selecting a matching photo from a list of photos.
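
The following is an added example, not part of the original tip and not Google's code. It interprets the siteverify response beyond the `success` flag: it fails closed on network errors and also checks `error-codes`, `hostname` and `challenge_ts`. The function name `evaluate_siteverify`, the host `login.example.test`, the 120-second window and the sample responses are assumptions constructed for illustration.

```php
<?php
// Added example, not the article's code. Interprets the JSON body returned by
// https://www.google.com/recaptcha/api/siteverify and fails closed.
// $expectedHost and $maxAgeSeconds are assumptions chosen for illustration.

function evaluate_siteverify($body, string $expectedHost, int $now, int $maxAgeSeconds = 120): array
{
    // curl_exec() yields false on a network failure; anything but a string is a failure.
    $data = is_string($body) ? json_decode($body, true) : null;
    if (!is_array($data)) {
        return [false, 'unreadable response'];
    }
    if (($data['success'] ?? false) !== true) {
        // error-codes explains the rejection, e.g. timeout-or-duplicate for a reused token.
        $codes = $data['error-codes'] ?? [];
        return [false, 'rejected: ' . implode(',', is_array($codes) ? $codes : [])];
    }
    // Defence in depth: confirm the token was solved on the hostname we expect.
    if ((string)($data['hostname'] ?? '') !== $expectedHost) {
        return [false, 'hostname mismatch'];
    }
    // challenge_ts is an ISO 8601 timestamp of when the challenge was loaded.
    $solvedAt = strtotime((string)($data['challenge_ts'] ?? ''));
    if ($solvedAt === false || $now - $solvedAt > $maxAgeSeconds) {
        return [false, 'stale or missing challenge_ts'];
    }
    return [true, 'ok'];
}

// Constructed sample responses (not captured from Google).
$now = strtotime('2023-06-26T10:00:30Z');
$samples = [
    'valid'   => '{"success":true,"challenge_ts":"2023-06-26T10:00:00Z","hostname":"login.example.test"}',
    'reused'  => '{"success":false,"error-codes":["timeout-or-duplicate"]}',
    'other'   => '{"success":true,"challenge_ts":"2023-06-26T10:00:00Z","hostname":"other.example.test"}',
    'old'     => '{"success":true,"challenge_ts":"2023-06-26T09:00:00Z","hostname":"login.example.test"}',
    'network' => false,
];
foreach ($samples as $name => $body) {
    [$ok, $reason] = evaluate_siteverify($body, 'login.example.test', $now);
    printf("%-8s %s (%s)\n", $name, $ok ? 'ACCEPT' : 'REJECT', $reason);
}
```

Only the first sample is accepted; every other case, including the failed network call, is rejected with a reason that can be logged.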

History

  • 4th June, 2023: Initial version

Updated code will be shared when there is any improvement.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Business Analyst Personal
Nigeria Nigeria
I have experience in application development in the use of .Net, PHP, MSSQL, JAVA....
